38,000 Vets' Data Missing

As many as 38,000 veterans may be at risk of identity theft because a Veterans Affairs Department subcontractor lost a desktop computer containing their sensitive personal data.

VA Secretary Jim Nicholson said that Unisys Corp., a subcontractor hired to assist in insurance collections for VA medical centers in Philadelphia and Pittsburgh, reported the missing computer last Thursday. The computer was being used in Unisys offices in Reston, Va.

It is not yet known what happened to the computer, Nicholson said, adding that local and federal authorities are investigating.

The computer is believed to contain names, addresses, Social Security numbers, dates of birth, insurance carriers and claims data including medical information for veterans who received care at the hospitals in Philadelphia and Pittsburgh during the past four years.

According to initial estimates, the data covered about 5,000 patients treated at Philadelphia, 11,000 treated at Pittsburgh and 2,000 deceased patients. The VA is investigating whether the information also may have covered 20,000 who received care through the Pittsburgh medical center.

Unisys spokeswoman Lisa Meyer said company officials were investigating and declined to say whether a particular employee had been using the computer.

The computer was located in a building and floor where security procedures were in place for access, and there were no signs of a break-in, she said. The computer was password protected, but the data was not encrypted.

The disclosure comes after a string of recent data breaches at the VA, including the May 3 theft of 26.5 million veterans' personal data from a VA employee's home in suburban Maryland. The laptop and external drive containing that information has since been recovered, and two teens were arrested Saturday as part of what appeared to be a routine burglary.

In recent weeks, the VA has also acknowledged losing sensitive data for more than 16,000 veterans in at least two other cases in Minneapolis and Indianapolis.

Nicholson said in a statement Monday that the VA was working with Unisys to notify those veterans affected and to provide credit monitoring if appropriate.

"VA is making progress to reform its information technology and cyber security procedures, but this report of a missing computer at a subcontractor's secure building underscores the complexity of the work ahead," Nicholson said.

Lawmakers were critical of the VA. Rep. Lane Evans, the top Democrat on the House Veterans' Affairs Committee, called the latest data breach "yet another wake-up call."

"Today's announcement by the VA that sensitive personal information of veterans was compromised by a VA subcontractor last week confirms that the VA must move quickly to protect the information it maintains on veterans and their families," Evans said.

"I am absolutely appalled that another computer containing the personal information of veterans has gone missing," said Sen. Rick Santorum, R-Pa. "Those responsible must be held accountable and the VA clearly needs to do a better job of overseeing its contracting entities."